Solved

Not recieving email from some domains

Posted on 2009-04-07
29
298 Views
Last Modified: 2012-05-06
I have a client using SBS2003 with exchange 2003.  They are not able to receive email from some domains.  We are using Mcafee Groupshield 6.0 with the anti-spam add-on.   I have recruited a user at one of the domains that we are having issue with to help me to troubleshoot this and send test messages to my client and copy me, I receive all of the messages they send.  

I have turned ALL SMTP logging on that I know exists.  NONE of the logs show an attempt to connect from any of the domains we are having issue with to my clients server, but my messages do appear in the SMTP logs.    My client can send messages to them with no problems. I have checked the anti-spam logs and nothing is logged.  My client, and the domains in question are not listed in any of the blacklists (147 of them) located in the blacklist search at MX Toolbox.

I am at a loss here.  If it was one domain I would say it was on their end, but, it appears to be several domains that we are having the issue with.  So, That leads me to believe it is on our end.

Any help is greatly appreciated.

My client and I are use the same ISP, and Our servers are setup nearly Identically.
0
Comment
Question by:pfleury1
  • 16
  • 4
  • 4
  • +3
29 Comments
 
LVL 15

Expert Comment

by:zelron22
ID: 24087513
Does your client have a reverse DNS entry for their domain/server?

Is the other party getting any NDRs?
0
 
LVL 3

Expert Comment

by:NoodlesWIU
ID: 24087543
One thought is using the address for the MXtoolbox for their server try and fake an email by telneting to their mail server on port 25 and use the helo commands to mimick an email providing when it asks with one of the problem domains.

you can find a list of commands how to do it quickly here.  It will at least let you know if its being accepted by the mail server.

http://www.wikihow.com/Send-Email-Using-Telnet

-Cheers

0
 

Author Comment

by:pfleury1
ID: 24087695
My client does have a reverse DNS/PTR record and it is correct (Checked it after I posted but before your comment)

I am not sure I understand the "using the address for the MXtoolbox for their server" .  I understand the fake email  I'm not sure about MXtoolbox, I've never had cause to use that before and I am not familiar with it
0
 

Author Comment

by:pfleury1
ID: 24087939
I tried the telnet from my machine and it went as follows. Edited (of course) to maintain privacy.  Myclient.com replaced my clients domain name, Domain.com replaces the external domain name

220 MyClient.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at
Tue, 7 Apr 2009 10:36:00 -0400
helo Domain.com
250 MyClient.com Hello [xx.xx.xxx.xx]
mail from:(Person Helping)@domain.com
250 2.1.0 (Person Helping)@domain.com....Sender OK
rcpt to:client@myclient.com
250 2.1.5 client@myclient.com
data this is a test from paul
354 Start mail input; end with <CRLF>.<CRLF>
.
250 2.6.0 <SBS2003tIL1f3x7cOSH000000aa@MyClient.com> Queued mail for delivery
quit
221 2.0.0 MyClient.com Service closing transmission channel

I checked the loSMTP log, and it shows a connection with the domain name domain.com and my IP address
0
 
LVL 3

Expert Comment

by:NoodlesWIU
ID: 24088406
I know it sounds silly, but what happens if you add a trouble domain to your whitelist.  or can you turn off the anti-spam feature temporarily to send another telnet email and see where it goes.
0
 

Author Comment

by:pfleury1
ID: 24088446
Oops...Forgot to mention that I did both of those things as well during my troubleshooting.  Whitelisted, No Joy. Disabled all AV and AS software (this was scary) for a test and no Joy.  Thanks for the suggestion though.
0
 
LVL 11

Expert Comment

by:djxtreme
ID: 24088468
pfleury1,

did the Telnetted email come through?

You say emails come through to you, can you see them logged in your SMTP filters?

Doesnt seem to be a rDNS / blacklist issue, though adding the domain to your McAffee whitelist may be worth a shot (as previously suggested)
0
 

Author Comment

by:pfleury1
ID: 24088574
No, the telnetted emails do not get delivered.  but I thought this might be for some other reason, like something related to relaying since I did not telnet from the actual IP of the domain name I used in the telnet session

Yes, I see them in my logs.  

I have whitelisted them in McAfee.  

Is there a whitelist in Exchange that I don't know about?
0
 
LVL 11

Expert Comment

by:djxtreme
ID: 24088625
No there isnt.

Ok, enable message tracking (if not already enabled), re-send the email via Telnet (the commands you put here looked right) and then track the message.

0
 

Author Comment

by:pfleury1
ID: 24088781
I had Message tracking turned on.  I reviewed the log and my previous telnet session does NOT appear in the Message Tracking log (I did not create a new Telnet session).  It does appear in the SMTP connector log though.
0
 
LVL 3

Expert Comment

by:NoodlesWIU
ID: 24089259
It's not considered relaying if you did it through telnet because you were the original starting point of the message.  In relaying it will examine the headers of the message to see where it has bounced from.  Each server relaying it will stamp its own name in the header of the email.

Because your acting as an original source it wouldnt be seen as a relay.  Plus if it was a relay you would get an NDR saying Relaying not allowed.  

Can you turn off the Anti-SPAM program temporarily to try again.  I honestly think its with your SPAM filter.  Even though you may have it whitelisted.  If you can disable it temporarily...give it a shot.

0
 

Author Comment

by:pfleury1
ID: 24089392
Thanks for the info NoodlesWIU.  I have disabled the Anti-Spam, and the Anti-Virus as a test, and it had no effect.  As soon as I can get a hold of my recruit at one of the domains that is not getting through, I will try it again.  

But, If they are not in the Anti-Spam log, not in the Message Tracking log and not in the SMTP connector log, wouldn't that mean that it is something external to the server causing the problem?  I dunno.  It just seems like it's not making it to the server at all.

I am going to try to contact one of the domain's IT departments and ask them to telnet in and see if we get anywhere.

I'll post back with updates.

In the meantime, any and all suggestions are welcome.
0
 
LVL 11

Expert Comment

by:djxtreme
ID: 24089603
You've proved it is not something external, as emailing via telnet (you did do this from an external source didn't you?) shows the exact same issue, no message and no tracking.

It's rather bizzare that you see the SMTP log, can you paste the SMTP log as <code> so we can take a look?
0
 

Author Comment

by:pfleury1
ID: 24089906
Here is an update:
I got ahold of the Administrator at one of the domains.  He and I went through a bunch of things and here are the results.

He could NOT Telnet to my clients server although I still can.  He checked the Queues on his Exchange 2007 Server and there is nothing in the retry queues for my clients domain.  He is getting no NDR's.  As he repeatedly tried to telnet to the server on Port 25 I checked connection logs and saw nothing, but did see the connection from my network.  I recreated the Firewall rule for port 25 forwarding to the server. I restarted the firewall. I restarted the SMTP service. I cleared the DNS Cache.  

He is now in the same boat as us saying what the ?

It seems that the messages are getting out onto the internet and vaporizing.  But He CANNOT telnet to the server.
0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 
LVL 11

Expert Comment

by:djxtreme
ID: 24090030
The remote Admin not being able to telnet is key here.

Did you do your Telnet test externally?

If he is timing out, then it is either a fiewall policy (unlikely) or something third party on your Exchange server blocking it.

AFAIK there is no built-in tool to Exchange 2k7 to automatically blacklist IP's

Let me sleep on this (since my head is filed with XML IDM config right now), and I'll have another review in the AM
0
 

Author Comment

by:pfleury1
ID: 24090301
Yes I did my telnet externally.
He is simply getting "connection failed". He can ping the server and get a reply (after I opened the port on the firewall). He can also do a tracert successfully.

0
 
LVL 3

Expert Comment

by:NoodlesWIU
ID: 24090352
Thats where I was going with it as well djxtreme.  It sounds like your firewall then.  What kind of firewall is being used?  If its a ISA server or something like that do some monitoring when they send a test message and see what might be the hold up.
0
 

Author Comment

by:pfleury1
ID: 24090393
Ithink we are all heading in the same direction. I just arrivedvonsite to switch them to a backup firewall (sonicwall). I'll post back with results.
0
 

Author Comment

by:pfleury1
ID: 24090889
Replaced the firewall with an older model. Same results. Some mail gets through. Same domains cannot get mail through.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24091899
are you running any other borderware than your firewall?
0
 

Author Comment

by:pfleury1
ID: 24092123
No we are not using any borderware.
0
 

Author Comment

by:pfleury1
ID: 24099865
UPDATE- Nothing really to report.  But wanted those helping with this issue that the issue still exists.  We did find a secondary MX record that was not valid, but have corrected that with no change.  Had an admin at one of the domains pitching in, but come to find out the emails were in fact being delivered, so he cannot really help.

If anyone has more suggestions, they are welcome to jump in.

Thanks for all of the help so far.
0
 
LVL 15

Expert Comment

by:abhaigh
ID: 24100658
did the bogus MX record have a lower cost than the other? or the same cost?

now that it has been removed I think you will find that the problem will go away as that bogus entry decays out of the caches of the dns servers out there
0
 

Author Comment

by:pfleury1
ID: 24100715
the correct MX had a cost of 10 and the bogus one had a cost of 50
0
 
LVL 15

Accepted Solution

by:
abhaigh earned 500 total points
ID: 24100847
it shouldn't have been used then, but I'm betting that there's been the occasional hiccough that has cause the probematic domains to try the bogus MX record and fail
0
 

Author Comment

by:pfleury1
ID: 24101258
I would agree with you on that.  But I am continuing my search to try to get to the bottom of this.

I have spoken with a tech that administers one of the domains and found that they use Postini to scrub both incoming and outgoing mail.  I have no experience with Postini.  Does that jog anyone's thought process?
0
 

Author Comment

by:pfleury1
ID: 24102204
Another update... I have found another network that cannot send emails to my client.  Interestingly, I had the tech try to telnet to ports 25,110 and 23 which should be available and he could not connect.  When I had him try to connect using OWA, he got to the same exact server with no problem at all using the domain name.  Things in common, Postini and Symantec AV that is all I have found so far.
0
 

Expert Comment

by:forcegrip
ID: 33224977
i'm have a similar issue now, did you ever find a solution?
0
 

Author Comment

by:pfleury1
ID: 33225011
I did Solve it, but can't remember what the solution was.  I'll thing on it and get back if I remember.  Sorry
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Error 450 sending internal mail 6 21
Exchange 2003 Message retrieval 3 15
outlook, MIME 6 15
Exchange 2016 certificate 2 10
Utilizing an array to gracefully append to a list of EmailAddresses
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now